3GPP has specified a set of architecture enhancements for providing Internet Protocol (IP) connectivity to the evolved 3GPP Packet Switched (PS) domain using non-3GPP accesses (e.g. WiFi). Both roaming and non-roaming scenarios are covered, as are all related procedures for the use of non-3GPP accesses, including mobility between 3GPP and non-3GPP accesses, policy control and charging, and authentication.
The evolved packet system, EPS, supports the use of non-3GPP IP access networks to access the EPC. The mobility mechanisms supported between 3GPP and non-3GPP accesses within an operator's network and its roaming partner's network depend upon operator choice.
FIG. 1 depicts at a high level the 3GPP reference architecture for a non-roaming scenario. The communications system 100 illustrated in FIG. 1 comprises a UE 101 which accesses a 3GPP core network 102. The UE 101 may access a 3GPP access network 103 via a non-3GPP network such as at least one of e.g. an untrusted non-3GPP IP access network 105 and a trusted non-3GPP IP access network 108.
Trusted and Untrusted Non-3GPP Access Networks 105, 108 are IP access networks that use access technology whose specification is out of the scope of 3GPP. Whether a Non-3GPP IP access network 105, 108 is Trusted or Untrusted is not a characteristic of the access network. In a non-roaming scenario, it is the HPLMN operator's decision whether a Non-3GPP IP access network is used as a Trusted or an Untrusted Non-3GPP Access Network.
In a roaming scenario, the HSS/3GPP AAA Server in HPLMN 100h makes the final decision of whether a Non-3GPP IP access network is used as a Trusted or an Untrusted non-3GPP Access Network. The HSS/3GPP AAA Server may take the VPLMN's policy and capability returned from the 3GPP AAA Proxy, or the roaming agreement, into account.
The untrusted non-3GPP IP access network 105 may also be referred to as an untrusted non-3GPP access network, an untrusted non-3GPP network, an untrusted non-3GPP access, an untrusted non-3GPP IP access, an untrusted non-3GPP domain or an untrusted WiFi domain. The trusted non-3GPP IP access network 108 may also be referred to as a trusted non-3GPP access network, a trusted non-3GPP network, a trusted non-3GPP access, a trusted non-3GPP IP access, a trusted non-3GPP domain or a trusted WiFi domain.
The 3GPP core network may be e.g. a WCDMA (Wideband Code Division Multiple Access) network, a GSM (Global System for Mobile Communications) network or a Long Term Evolution (LTE) network. The 3GPP core network 102 may also be an Evolved Packet Core (EPC) network.
The UE 101 may be a device by which a subscriber may access services offered by an operator's network and services outside the operator's network to which the operator's radio access network and core network provide access, e.g. access to the Internet. The UE 101 may be any device, mobile or stationary, enabled to communicate in the communications network, for instance but not limited to e.g. user equipment, mobile phone, smart phone, sensors, meters, vehicles, household appliances, medical appliances, media players, cameras, Machine to Machine (M2M) device, Device to Device (D2D) device, Internet of Things (IoT) device, SIM device, or any type of consumer electronic, for instance but not limited to television, radio, lighting arrangements, tablet computer, laptop or Personal Computer (PC). The UE 101 may be a portable, pocket storable, hand held, computer comprised, or vehicle mounted device, enabled to communicate voice and/or data, via the radio access network, with another entity, such as another UE or a server.
The 3GPP core network 102 comprises 3GPP infrastructure nodes or core network nodes. Examples of core network nodes are the HSS 110, 3GPP AAA server 113, PCRF 115, ePDG 117, gateways such as e.g. SGW 118 and PGW 120.
The UE 101 may be provided access to EPC service provided by the 3GPP network 103 via e.g. the untrusted non-3GPP IP access network 105. The UE's operator provides operator IP services 125 to the UE 101.
The HSS 110 is an example of a subscriber database which comprises subscriber related data and information, i.e. related to the subscriber associated with the UE 101. Another example of a subscriber database may be a HLR 130. In some embodiments, the HSS 110 is referred to as a HSS server. The HLR 130 and the reference number 130 are not illustrated in FIG. 1, but in other figures.
The ePDG 117 is an example of a non-3GPP access gateway which acts as a gateway between the non-3GPP access networks and the 3GPP core network 102. Other examples of such non-3GPP access gateways may be a MAG or a TWAG.
In some embodiments, the 3GPP AAA server 113 comprises functionalities which enable it to also act as an AAA proxy. The 3GPP AAA server 113 may also be referred to as an AAA server.
The HSS 110 may be adapted to be connected to the 3GPP network 103 e.g. via the S6a interface. The HSS 110 may be further adapted to be connected to the 3GPP AAA server 113 e.g. via a SWx interface.
The PCRF 115 is a node which is adapted to be connected to the SGW 118 e.g. via a Gxc interface and adapted to be connected to the Operator IP services 125 e.g. via an Rx interface. The PCRF 115 is adapted to be connected to the ePDG 117 e.g. via a Gxb interface and to the PGW 120 e.g. via a Gx interface. The PCRF may be adapted to be connected to the trusted non-3GPP IP access network 108 e.g. via a Gxa interface.
The SGW 118 may be adapted to be connected to the PGW 120 e.g. via a S5 interface.
The PGW 120 may be adapted to be connected to the trusted non-3GPP IP access network 108 e.g. via an S2a interface and to the ePDG 117 e.g. via an S2b interface. The PGW 120 may be adapted to be connected to the 3GPP AAA server 113 e.g. via an S6b interface and to the Operator IP Services 125 e.g. via a SGi interface.
The 3GPP AAA server 113 may be adapted to be connected to the trusted non-3GPP IP access network 108 e.g. via a STa interface and to the ePDG 117 via a SWm interface. The 3GPP AAA server 113 may be adapted to be connected to the untrusted non-3GPP IP access network 105 e.g. via a SWa interface.
The ePDG 117 may be adapted to be connected to the untrusted non-3GPP IP access 105 e.g. via a SWn interface.
The UE 101 may be adapted to be connected to the ePDG 117 (e.g. via the untrusted non-3GPP IP access network 105) e.g. using a SWu interface.
WiFi is an example of a non-3GPP technology and is a wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. WiFi access subscription management related functionalities, e.g. authentication and authorization, are provided with support from both the HSS 110 and the 3GPP AAA server 113.
The 3GPP integrated WiFi trusted access authorization is done per WiFi access network, i.e. the UE 101's access to the core network 102 and non-seamless WiFi off-load services are allowed/barred per WiFi access network. The WiFi access network may be identified by the SSID and optionally the HESSID.
The 3GPP integrated WiFi untrusted access authorization, though not specified by 3GPP, can be done per WiFi access network, i.e. the Visited Network Identifier.
The 3GPP integrated WiFi access authorization data is stored in the HSS server 110 and is downloaded to the 3GPP AAA server 113 for enforcement at access authorization.
For trusted WiFi access networks 108, the visited network is known with support from the visited network 3GPP AAA 113 by means of the attribute “Visited-Network-Identifier” over the SWd interface.
For untrusted WiFi access networks 105, e.g. public or residential WiFi networks, when the UE 101 connects with the ePDG 117, the visited network is not known, i.e. it is not known whether the user is in its home domain or outbound roaming. Therefore access authorization on roaming conditions could not be provided.
FIG. 2 depicts an overall topology of the untrusted WiFi access network roaming use case. In FIG. 2, the UE 101 is illustrated to have an IPSec tunnel to the ePDG 117 via the public WiFi. The vertical solid lines illustrate the border between the visiting PLMN and the home PLMN. For a trusted environment where the location of the UE 101 is known, the visiting AAA address is used (SWd): MCC-MNC-NodeID. For an untrusted environment where the location is unknown, an originating IP address (which can be spoofed) or an appropriate solution deriving location from the home network is used. Identification of WiFi is expressed by dummy “MNC”=generic WiFi access.
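The authorization gap described above can be modelled as follows. This is an added illustration, not part of the original text or of any 3GPP specification: the profile layout, field names, decision strings and sample values are assumptions. It shows that a roaming rule downloaded from the HSS can be enforced when a Visited-Network-Identifier is present, but cannot be evaluated for an untrusted access where only a spoofable originating IP address is available.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class WifiAuthzProfile:
    """Hypothetical per-subscriber WiFi authorization data: stored in the HSS,
    downloaded to the 3GPP AAA server for enforcement."""
    allowed_ssids: Set[str] = field(default_factory=set)
    barred_visited_networks: Set[str] = field(default_factory=set)


@dataclass
class AccessRequest:
    trusted: bool
    ssid: Optional[str] = None                # identifies a trusted WiFi access network
    visited_network_id: Optional[str] = None  # "Visited-Network-Identifier" over SWd
    source_ip: Optional[str] = None           # originating IP at the ePDG; can be spoofed


def authorize(profile: WifiAuthzProfile, req: AccessRequest) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'bar' or 'undetermined'."""
    if req.trusted and req.ssid not in profile.allowed_ssids:
        return "bar", "WiFi access network (SSID) not allowed"
    if req.visited_network_id is not None:
        if req.visited_network_id in profile.barred_visited_networks:
            return "bar", "roaming barred in visited network"
        return "allow", "visited network known and not barred"
    if req.trusted:
        return "allow", "trusted access, no visited network reported"
    # Untrusted access: the visited network is not known. source_ip is
    # deliberately not used as a location, because it can be spoofed.
    if profile.barred_visited_networks:
        return "undetermined", "visited network unknown; roaming rule not evaluable"
    return "allow", "no roaming restriction to evaluate"


def demo():
    # Constructed sample data; identifiers follow the MCC-MNC-NodeID form.
    profile = WifiAuthzProfile({"operator-hotspot"}, {"001-01-node1"})
    requests = [
        AccessRequest(trusted=True, ssid="operator-hotspot"),
        AccessRequest(trusted=True, ssid="operator-hotspot",
                      visited_network_id="001-01-node1"),
        AccessRequest(trusted=False, source_ip="203.0.113.7"),
    ]
    return [authorize(profile, r)[0] for r in requests]


if __name__ == "__main__":
    print(demo())
```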